Mist: Towards Improved Adversarial Examples for Diffusion Models
About
Diffusion Models (DMs) have empowered great success in artificial-intelligence-generated content, especially in artwork creation, yet raising new concerns in intellectual properties and copyright. For example, infringers can make profits by imitating non-authorized human-created paintings with DMs. Recent researches suggest that various adversarial examples for diffusion models can be effective tools against these copyright infringements. However, current adversarial examples show weakness in transferability over different painting-imitating methods and robustness under straightforward adversarial defense, for example, noise purification. We surprisingly find that the transferability of adversarial examples can be significantly enhanced by exploiting a fused and modified adversarial loss term under consistent parameters. In this work, we comprehensively evaluate the cross-method transferability of adversarial examples. The experimental observation shows that our method generates more transferable adversarial examples with even stronger robustness against the simple adversarial defense.
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Portrait Privacy Protection | SyncTalk-generated videos (test) | PSNR28.54 | 45 | |
| Face Swapping Protection | CelebA-HQ | L2 Distance0.0139 | 28 | |
| Face Swapping Protection | VGGFace2 HQ | L2 Distance0.0261 | 28 | |
| Image Immunization | StableDiffusion 1.4 (test) | PSNR16.4 | 20 | |
| Image Immunization | HQ-Edit (Unseen Prompts) | PSNR (dB)9.33 | 16 | |
| Immunization against image editing | SD14 to SD3 Cross-model transfer | PSNR21.98 | 16 | |
| Image Immunization | StableDiffusion v3 (test) | PSNR21.71 | 16 | |
| Image Immunization | InstructPix2Pix (Unseen Prompts) | PSNR16.38 | 16 | |
| Image Immunization | InstructPix2Pix Original Prompt | PSNR16.34 | 16 | |
| Image Quality Evaluation | CelebA-HQ | FID48.3273 | 16 |